December 11, 2023

Researchers have identified vulnerabilities in Fortinet FortiOS that can be used by threat actors for malicious activities.

The vulnerabilities are cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities. They have been assigned the CVE IDs CVE-2023-29183, with a CVSS score of 5.4, and CVE-2023-34984, with a CVSS score of 8.8.

CVE-2023-29183

This vulnerability exists due to improper neutralization of input during web page generation, which could allow an authenticated attacker to execute malicious JavaScript code through a crafted guest management setting. Fortinet has rated the severity of this vulnerability as 7.3 (High).

Affected versions:

FortiProxy – 7.2.0 through 7.2.4, 7.0.0 through 7.0.10

FortiOS – 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14


CVE-2023-34984

This vulnerability exists due to a failure of a protection mechanism in FortiWeb, which could allow a threat actor to bypass its CSRF and XSS protections. The severity of this vulnerability has been rated as 8.8 (High).

Affected versions:

FortiWeb – 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4 all versions, 6.3 all versions

Users of these products are recommended to upgrade to the latest versions to prevent these vulnerabilities from being exploited by threat actors.
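As an added example that is not part of the original article, the following Python script encodes the affected-version ranges listed above so that an inventory entry (product name plus firmware version) can be checked against them. The product names and version bounds are taken from the advisory text; the script itself and the sample inventory lines are constructed for illustration.

```python
# Added example (not from the advisory): check whether a Fortinet product
# version falls inside the affected ranges listed in the advisory above.
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '7.0.11' into (7, 0, 11) so that ranges compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


# Inclusive (low, high) ranges per CVE and product, as stated in the advisory.
# A two-component bound such as ("6.4", "6.4") stands for "6.4 all versions".
AFFECTED: Dict[str, Dict[str, List[Tuple[str, str]]]] = {
    "CVE-2023-29183": {
        "FortiProxy": [("7.2.0", "7.2.4"), ("7.0.0", "7.0.10")],
        "FortiOS": [("7.2.0", "7.2.4"), ("7.0.0", "7.0.11"),
                    ("6.4.0", "6.4.12"), ("6.2.0", "6.2.14")],
    },
    "CVE-2023-34984": {
        "FortiWeb": [("7.2.0", "7.2.1"), ("7.0.0", "7.0.6"),
                     ("6.4", "6.4"), ("6.3", "6.3")],
    },
}


def in_range(version: Version, low: str, high: str) -> bool:
    """True if version lies in [low, high]; a major.minor bound matches the whole branch."""
    lo, hi = parse_version(low), parse_version(high)
    if len(lo) == 2 and lo == hi:          # "X.Y all versions" branch match
        return version[:2] == lo
    return lo <= version <= hi


def affected_cves(product: str, version_text: str) -> List[str]:
    """Return the CVE IDs from this advisory that apply to product/version."""
    version = parse_version(version_text)
    hits = []
    for cve, products in AFFECTED.items():
        if any(in_range(version, lo, hi) for lo, hi in products.get(product, [])):
            hits.append(cve)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed inventory lines, not real devices.
    for product, ver in [("FortiOS", "7.0.11"), ("FortiOS", "7.0.12"),
                         ("FortiWeb", "6.4.9"), ("FortiProxy", "7.2.5")]:
        print(product, ver, affected_cves(product, ver) or "not listed")
```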
